Teaching German

Internet

Concern grows at Indian 'cyber snooping agency'

With the controversy surrounding the US surveillance of communications, Indians fear New Delhi's plans to introduce its own cyber security infrastructure could mean an infringement on their right to privacy.

The national cyber security policy unveiled by New Delhi this past week will ensure that the critical Information Technology infrastructure in the country is strengthened to prevent increasing cyber-attacks from across the globe.

Cyber attacks rising in India

A new multi-agency body called the National Cyber Coordination Centre (NCCC) is expected to carry out real-time assessment of cyber security threats and send out alerts for action to law enforcement agencies.

"This new structure provides for multi-layered protection, with responsibility allocated to various stakeholders, including critical ministries like defense, home and IT. However, the agencies will assure that there will be absolutely no invasion of privacy," a top intelligence official told DW on conditions of anonymity.

Officials were quick to mention that this "cyber snooping agency" will work with Internet Service Providers (ISPs) to analyze the metadata of Indian users but that it will not mine information. It would thus be different from the US National Security Agency's (NSA) "data-vacuuming program" called Prism because this would not be a covert operation.

There has been huge concern in India after Edward Snowden, the NSA whistle-blower behind one of the most explosive government leaks in US history, exposed alarming details of a top-secret program to collect personal data of millions of web users.

Edward Snowden told NSA secrets to the media and is now believed to be hiding in Hong Kong

Studies show internet usage has been rising exponentially and the country has the fastest internet traffic growth globally; it is expected to have 348 million users by 2017, up from 138 million in 2012.

Lax cyber laws

But India's cyber security has been notoriously weak for a long time and this has been attributed to a lack of cyber expertise.

According to data compiled by the Indian Computer Emergency Response Team, more than 1,000 government websites, storing critical and sensitive data concerning national security, have been hacked by cyber criminals in the last three years, exposing the gaps in the country's cyber security mechanism.

"We just don't have enough trained personnel to handle these hacking attacks. There has to be better coordination between states and the central government," Rakshit Tandon, a cyber security expert who conducts workshops for government agencies told DW. "I am happy this effort is underway but we simply need more skilled personnel."

Gulshan Rai, the country's first cyber security coordinator who was appointed last month, said India needed as many as 500,000 professionals in the field within five years.

"Currently, there are only about 37,000 cyber security professionals and there is a big gap between demand and supply. With this increase in Internet users, the threat of cyber attacks is also increasing. Hence, the need for cyber security experts is also increasing," said Rai.

NSA head General Keith Alexander said the surveillance had helped stop many possible attacks

But free speech advocates and Internet users in India are not entirely convinced by the new cyber security architecture that is sought to be unveiled. In the past they have voiced concerned about regulations which have restricted online content and thus undermined free speech.

"The recently unveiled cyber policy allows government agencies access to all internet accounts, social media and blogs. What is the guarantee that they will not harvest personal data from the web and then use it against an individual?" free speech activist Pradeep Guha told DW.

Subho Ray, President of the Internet and Mobile Association of India says the government must take steps to ensure that there is accountability. It must also precisely define what "critical infrastructure" that it wants to safeguard.

"There have to be proper checks and balances. Telecommunications, oil companies, defense industries are all vulnerable and have been subject to hacking in the past. The idea is to ensure the security of these institutions while at the same time not compromising the country's security," Ray said.

In India and all over the world, hackers have been able to infiltrate government websites and military organizations. Realizing the ever-present threat, there are now voices calling for better countermeasures them.